97 matches found
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into the phpthumb class. The attack vector is: web request via...
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
CVE-2024-5409
RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details...
RhinOS cross-site scripting vulnerability
RhinOS is a web development framework. A cross-site scripting (XSS) vulnerability exists in RhinOS version 3.0-1190 via the tamper parameter in /admin/lib/phpthumb/phpthumb.php, which allows an attacker to create malicious URLs in order to...
GHSA-3747-GJC9-VVG6 phpThumb is vulnerable to Server-Side Request Forgery (SSRF)
The default configuration of phpThumb before 1.7.12 has a false value for the disabledebug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter...
phpThumb is vulnerable to Server-Side Request Forgery (SSRF)
The default configuration of phpThumb before 1.7.12 has a false value for the disabledebug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src parameter...
GHSA-M899-6MH4-MPC5 MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
MODX Revolution Incorrect Access Control vulnerability
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
Design/Logic Flaw
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into the phpthumb class. The attack vector is: web request via...
CVE-2019-1010123
MODX Revolution Gallery 1.7.0 is affected by: CWE-434: Unrestricted Upload of File with Dangerous Type. The impact is: Creating a file with a custom filename and content. The component is: Filtering user parameters before passing them into the phpthumb class. The attack vector is: web request via...
phpThumb fltr Parameter Command Injection
A command injection vulnerability exists in the phpThumb fltr parameter. A remote, authenticated attacker can exploit this vulnerability by sending crafted requests to the phpThumb web page. Successful exploitation will result in arbitrary command execution...
VulnCheck KEV: CVE-2018-1000207
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability...
CVE-2018-1000207
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
Improper access control
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
CVE-2018-1000207
MODX Revolution version =2.6.4 contains an Incorrect Access Control vulnerability in filtering user parameters before passing them into the phpthumb class that can result in creating a file with a custom filename and content. This attack appears to be exploitable via a web request. This vulnerability appea...
phpThumb() Cross-Site Scripting Vulnerability
phpThumb is a PHP library for creating thumbnails. With a few lines of code, the library can create thumbnails, with support for rotating, cropping, watermarking and so on. A cross-site scripting vulnerability exists in versions of phpThumb prior to 1.7.14. A remote attacker can exploit th...
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
CVE-2016-10508
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...
CVE-2016-10508
The CVE-2016-10508 entry concerns phpThumb, a PHP library for image thumbnail creation. Affected versions are before 1.7.14, where multiple cross-site scripting (XSS) vulnerabilities exist in phpThumb() enabling remote attackers to inject arbitrary web script or HTML through parameters in the dem...